It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


Internet virsus attacks continue

page: 1

log in


posted on Mar, 27 2003 @ 05:22 AM
I've continued to received virus infected e-mails from various sources - last night the old, "Snow White & the Seven Dwafs" mail was intercepted and automatically deleted again.

I've just now received this disturbing e-mail notice from my ISP:Your session on the OneTel Internet service has been interrupted. This interruption is due to a simultaneous multiple logon connection. This is a breach of clause 4.2 of our General Terms and Conditions. This clearly states that "Only one person is permitted to use your account at any one time".

I have 2 questions and hope that someone here can offer me helpful information.

1) When my antivirus program deletes an infected e-mail, what happens to it?

2) If I have my antivirus software set to delete an infected e-mail, is it then sent to the recycle bin and if not deleted from there, able to infect my PC once it re-starts? (I forgot to check to see if it was sent to the recycle bin last night before shutting down).

I will now need to reformat my hard disk, and should be back on-line in a couple of hours.

Thanks for any helpful insights or advice.

All the Best,

posted on Mar, 27 2003 @ 05:36 AM
I'm getting alot of those CBS news updates on the war e-mails, are they viruses too?


posted on Mar, 27 2003 @ 12:18 PM
I also receive CBS news reports. I don't think they are the source of what I've been experiencing.

posted on Mar, 27 2003 @ 12:26 PM

i come from a yahoo group that used to be run by a computer expert known as NWO_cracker . he never hacked until he started digging on the NWO

he told us many of the viruses today are simple recon devices to learn and report on the weaknesses of computer systems . cracker used a Linux system and a new Mac all the time because there are few or no viruses because of it . im thinking of rebuilding my pc into a linux machine because of it

stay away from windows . it is the tool of the nwo

posted on Mar, 27 2003 @ 12:39 PM
Whats up Deep? Since we last talked about this, I continue to receive these virus emails. I dont know why my program doesn't pick them up, but I know when I get an email from an unknown user with a stupid title in the subject matter and it is 127k large, thats not normal. I recently installed a good firewall and I've intercepted three substantial attacks already and I am definitely pursuing them, they're gonna pay.

MB, what makes you think that Windows is a tool of the NWO???

posted on Mar, 27 2003 @ 01:33 PM
My work comp got hit with that .avcrc thing again. I assume it is some sort of virus but I cannot figure out its purpose. It simply places a file called .avcrc in every (and I mean every) folder on my comp. I have dissasembled it and everything. Cannot find out what it is supposed to do, or where it is coming from.
P.S. Norton still doesn't recognize it as a virus.

Be Cool

posted on Mar, 27 2003 @ 02:44 PM
My virus scanner detects viruses in my windows/system folder but is unable to remove them, am I stuck with them? They say worm_hybris followed by a bunch of letters. I assume I can attribute my "Blue Screen of Death" twice a day to them, but wtf do I know?

posted on Mar, 27 2003 @ 02:54 PM
Oooh I hate that Blue screen of
Did you go to and look it up. Sometimes they have a patch or something you can download. Look on the bright side, at least yours is smart enough to figure out that you have a virus. I expect mine to tell me to take two of these and call me in the
Be Cool

posted on Mar, 27 2003 @ 07:08 PM
This is by no means a comprehensive list of safeguards against internet virus infection, but it may offer a few tips for those who are unaware of these issues. I've already mentioned in a previous thread about not using the preview pane in Windows Outlook Express. There are several sites that offer good information about the latest viruses that are making the rounds. I've just today had to reformat my hard disk and don't currently have those in my favourites folders. I will access my backed up files and post them later, if anyone is interested.

Top 5 Threats:


Latest Viruses:

WORM_OROR.AI (25.03.03)
WORM_LOVGATE.G (25.03.03)
WORM_BIBROG.E (24.03.03)
WORM_LOVGATE.F (23.03.03)
WORM_CULT.A (23.03.03)

There are more than 50,000 viruses today, new viruses come out daily, any of them could be the next LoveBug virus! The real-world global virus outbreaks like W97M_Melissa, VBS_Loveletter (a.k.a. LoveBug), VBS_Fireburn, W97M_Resume and VBS_Newlove have shown how effective malicious code technology can be .

To reduce the risk of virus infections, and of inadvertently triggering or spreading them to other people, put these safeguards into effect on your machine today and they will help keep you using today's advanced computer information access technology without falling prey to viruses and other malicious code! To make your system more robust, follow these practices outlined below to set up and configure your system. The general idea is to make it difficult or impossible for viruses to run.

Disable the Windows Scripting Host Functionality

This is to prevent Visual Basic script viruses like VBS_LoveLetter from running, so that they cannot activate, spread or cause damage to files. A typical PC does not need Windows Scripting Host (WSH) to function normally. You can always change your mind later and reinstall WSH by repeating these steps and re-selecting "Window Scripting Host" checkbox.

Do Not Hide File Extensions of Known File Types

All Windows operating systems, by default, hide the known file extensions in Windows Explorer. This feature can be used by virus writers and hackers to disguise malicious programs as some other file formats, such as text, video or audio files. For example, a malicious program file named "readme.txt.exe" is displayed as "readme.txt" in Windows Explorer (see illustration below). Therefore users are often tricked into clicking the "text" file and then into inadvertently running the malicious file. To avoid this confusion, you are recommended to change the Windows Explorer setting to "Not hide the File Extension of known File Types." Important Notice: There are still some file extensions, which the Windows operating system will always hide, such as the shell scrap files with the extension .shs.

Set Internet Explorer Security to at Least "Medium"
By default, the Internet Explorer Security Setting is set to "Medium." However, Trend has seen many systems where the security system was changed to "Low" by a virus, Trojan, or hacker. In this regard, we encourage every user to ensure that their security setting is set to at least "Medium", as this will reduce the risk of accidentally running a malicious file. At the "Medium" security level, Internet Explorer 5 will prompt users before running potentially unsafe content. We also advise that users always save files to the local hard drive and then scan them with an up-to-date antivirus product. If you don't have an antivirus product or your product is out of date, please feel free to use Trend Micro's free on-line scanner HouseCall at

Require a Prompt Before Opening Mail Attachments (applies to Microsoft Outlook and Outlook Express users)

We have seen many viruses activate because users were double-clicking on incoming email file attachments. In this regard, we advise that Internet users save files to the local hard drive and then scan them with an up to date antivirus product (instead of double-clicking over the incoming email file attachments). Afterwards, your system will prompt you with a warning even if you accidentally click on an email attachment or read an email that has some embedded scripts. This registry fix applies to Word documents, Excel sheets, Excel charts, PowerPoint files and HTML files.

Enable Macro-virus Warning in MS Office 97 & 2000 (applies to Office 97 and 2000 users)

Apply All the Latest Microsoft Security Updates (I know there are several folks here who dislike Microsoft, but for the others) in order to close security holes that have been discovered since Windows was shipped and installed. Security updates will help prevent hackers from accessing your system and prevent viruses from running on your system. Windows 98 or Windows 2000 users can also use the Windows Update feature to get all the latest security updates. Simply click "Start" and then select "Windows Update".

Safe Computing Practices mainly make it more difficult for malicious code to enter or execute on client systems. Nevertheless, the recommended safe computing practices are not intended to replace currently updated antivirus software. Users whose systems have been attacked by viruses or Trojans can tell stories about what a hassle they can be at minimum ñ or about the important data they may have lost. In general, most viruses are mere nuisances, but every once in a while a new virus comes along that uses a new technique and causes major computer problems or threatens data or data security. These Safe Computing Practices will add a protective layer of defense to prevent viruses from running inadvertently.

Happy Surfing Y'all,

posted on Mar, 27 2003 @ 08:07 PM
Here is great free online virus scanner. Use it to detect viruses that Norton maybe having trouble with. I use it every once in a while to double check.

posted on Mar, 28 2003 @ 05:06 PM
I have just endured five days of constant attacks from puter didn't seem to matter that I had three types of screens in place to battle these lowlifes. After seven attacks directed into my system I am still standing. I remain dedicated to the battlefield of truth and nothing will come in the way of such.


posted on Mar, 30 2003 @ 08:17 PM
I've already mentioned that someone has hacked my website and ISP account number and tried to log on whilst I was on-line.

This morning whilst on-line surfing the world news sites my PC suddenly restarted itself, which immediately made me suspicious - it's NEVER done that before (most software requires the PC to reboot to complete the installation). After it rebooted itself I reconnected to the net and checked for new e-mail. My box was filled with a few news reports and several strange appearing e-mails from unknown sources. I ignored the strange ones as I usually do and went to create a new message rule for them to be deleted from the server in the future. But, I was astonished to see that all rule and block features of Outlook Express had been DISABLED. This is something brand new, which I've never experienced before and it only happened immediately after my PC restarted itself. I know that for a fact because I had previously set new delete rules just 45 minutes earlier.

I ran a complete virus check that came up negative for viruses. I then attempted to repair my Windows installation, which threw my PC into a total meltdown that prevented me from even getting back to my desktop. So I did a master boot reformat completely wiping the hard disk clean (supposedly). I then reinstalled Windows and went out and bought Norton System Works 2003. When I went to install the new software, my hard disk would NOT allow the System Works, Clean Sweep or Registry Cleaner bundle suites to install at all ñ but it did allow the Antivirus to be installed. It's obvious to me that someone wants to take up residence in my PC and wants to prevent me from doing anything about it (also Nortonís antivirus software must not be much of a threat to hackers).

Whatís also interesting is that whilst I was downloading all the Norton Antivirus updates an instant message window kept appearing from an unknown person. I donít even know what messaging software it is as I donít recognize it at all. I assume that perhaps Norton System Works may have some type of instant messenger feature, but since I couldnít install it, I donít really know. Hereís the message that I keep getting even now:

"Message from JANITAGIRL19W to

Hello, I'm looking for a boy in the UK. I have a picture on my homepage:"

It looks like the typical type of weird spam or porn promo that most of us receive and I have not bothered to respond or use the link. But I am mystified what instant messenger program it is. I tend to use MSN Messenger and have never seen this new program window format before.

One other very strange thing that happened just yesterday and may not be related at all to my PC issue is that I received a letter from my bank informing me that a suspicious transaction on my Switch Card was declined in the amount of £315 for auto repairs. I immediately checked my wallet looking for my Switch Card and it was there. I only use my card at 3 locations and they are all reputable & I donít keep my account details on my hard disk. So how on earth did someone get my account number?

I had a brief U2U conversation with a fellow member yesterday and was told that we have many guests who search the membersí profiles here, possibly to steal e-mail addresses. I will now remove my e-mail address to eliminate that option from being used by unknowns who want to invade my space.

Maybe all these recent strange things are just coincidental, or maybe not. Iím not really a conspiracy theorist but I must admit that several really odd things have happened since Iíve become a member of this community. I am not inferring that anyone here has hacked my website or ISP account, but do suspect that this may be a high profile website and draw attention from cyber-snoops who may monitor it for internal U.S. security reasons.

I appreciate the previous comments left on this thread and would be very interested in hearing about any other members who may be experiencing similar things with their PC or in general.


posted on Mar, 30 2003 @ 08:47 PM
Deep. as I stated earlier in the thread my firewall has been intercepting alot of attacks recently. I cant imagine if I didn't have a good firewall what would've happened. I have recorded all the IP's and reported them and am awaiting any results. Bob88 suggested a few weeks ago that everyone remove their email address from their profile and I would suggest the same. Also I have heard on here of people hacking passwords through these instant messenger and chat services, I would remove them from here also. Its a shame you have to be like that, but some people have nothing better to do with their time than make other people's lives miserable. I really hope I get some good results from my traces. I dont know the law, but hacking and the like should be a felony in my eyes. It is theft and invasion of privacy.

posted on Apr, 21 2003 @ 08:30 AM
I occasionally get that on re-booting W98SE - I suspect a combination of the free anti-virus prog AVG, ZoneAlarm Pro (partic its Mailsafe feature) and perhaps Limewire.

It doesn't seem to do much harm AFAICS other than creating these files in each folder on my C: drive - the contents seem to contain a list of the files in the folder along with additional info.

Do you have any of these progs?

posted on Apr, 21 2003 @ 08:36 AM
I've been getting a ton in my email, I am going ahead and going to change my email. Not that it'll help much.
some virus i got emailed last night, 3 of them

searched my registry of Klez but no sign of it...
ran AV and nothing so I hope my computer is clean.

posted on Apr, 22 2003 @ 07:58 AM
I’ve encountered some very pesky viruses that even wiping my hard disk clean wouldn’t remove – they seem to have a protective shell around them..

I’ve just remembered some disturbing information viruses I leant from a PC repair instructor. He said many new viruses are so clever that they embed themselves in the system’s BIOS. He said even reformatting the hard disk won’t remove BIOS embedded viruses – the only way to remove them is to physically remove the BIOS system’s battery that holds it’s information. I would imagine that would mean reinstalling Windows again to reload the BIOS system’s information.

If my machine were severely crippled by a virus attack, I’d remove the BIOS battery, reformat my hard disk and do a fresh, clean reinstall of my OS.

posted on Apr, 23 2003 @ 06:33 AM
I've mentioned before that my website has been hacked three times now. Someone has placed flashing sex banners on two of the pages and lastly, replaced the ICQ paid advertising banner at the top of each page (similar to the ATS ad banners above), with a sex site advert. When I saw ICQ's own paid ad was replaced, I realised that "I" wasn't the target, but someone had hacked the ICQ hosting service, which also affected my website. I've just come across the hacker report below, it would appear that this is a problem for other hosting services as well:

Up to 1,500 websites could have been affected by a recent hack attack. The hacker broke into the server of web hosting firm, stealing passwords and defacing websites. Bargainhost, which looks after around 5,000 websites and has 1,500 sitting on the affected server, is struggling to cope with the problem. Backups of customers website have become heavily corrupted as well and the firm is currently manually recreating over 1,000 customer accounts.

"Our only advice to customers at the moment is to change their passwords," said Technology Manager James Innes.

BBC Report Link

new topics

top topics


log in